Hello, and welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we are going to discuss cybersecurity in municipalities. I was fortunate to have a talk with many state and local government municipal clerks recently, and I wanted to talk for a little while about that particular opportunity. In my opinion, these folks are on the front lines of our nation's critical infrastructure and must understand the cyber-related responsibilities that come with a role like that.
Our local municipalities all over the nation are plagued by very similar issues, and many stem from budget. I received a few questions regarding how to learn about cyber or how to employ cybersecurity tools or practices in offices that do not have a budget for even a single information technology person, much less a cyber professional. It is hard to imagine how or why this issue exists, especially when we see cybersecurity breaches, data theft, and organizational compromises multiple times a day in the headlines.
These municipalities that cannot afford even IT support control access to water supplies, water treatment facilities, power, and other critical utilities. How in the world can funding not be available? Why, even after many years of visibility, regulatory changes, and various federal initiatives, can cybersecurity still take a back seat to other things? I think it is VERY important for everyone to understand the impacts here from a lack of cyber awareness, cyber education, and cyber defense.
Ok, you may think that I am getting a little riled up for something not as important as I may think it is. Well, ok, the municipal clerk may not have direct access to the water treatment plant, the power grid, or other things, but that is a way in, a place to dwell and pivot. When you are in such a small rural area that the municipality cannot even provide some awareness training, we have much larger problems.
Many individuals in this talk had heard of some of the basic terms in social engineering like phishing, but were not aware of smishing, vishing, spear phishing, whaling, pretexting, or other methods of trickery. When we discussed the verification of credentials (in the case of vishing or impersonation) many were not sure how to verify credentials or if it was even possible. Some of these fantastic people hold multiple roles in their municipalities for the same reason as there is no cyber presence. Budget, plain and simple.
So how do we rectify this? A contact I met years ago, the former CIO of North Dakota, had started an initiative with the Governor that really made an impact in his state. He called it the K-20W initiative, which was to have cybersecurity classes in every grade level from Kindergarten through PhD. You may wonder what that has to do with municipalities. Well, imagine if everyone in your organization had 12+ years of cyber education and awareness. Would the issues be increased or reduced?
I hope you answered reduced. GREATLY reduced. See, many people in positions of leadership have been around for a while. Not calling folks old, mind you, but remember, 20 years ago cybersecurity was not near what it is now. 30 years ago cybersecurity wasn’t even a household term, and 40 years ago it was barely even known about. My point here is that many leaders in various industries know how to advance business, generate revenue, execute sales, but they were not educated in cybersecurity, so it’s simply outside their purview.
So, it’s way past due to get cybersecurity into their purview. Plans need to be made, schedules need to be looked at, meetings need to be planned out to present these leaders with the real ramifications of breaches, compromises, and our critical infrastructures. A hard look needs to be taken at where monies are spent, what priorities have been made over security and why, and of course a cost-benefit analysis to see what can be done as cost efficiently as possible.
Bottom line is that more attention needs to be given to our front line people and our critical infrastructure. If we keep electing to turn a blind eye, we will pay a much higher price later. If you are listening to this and have some similar issues or questions regarding your office and how you can obtain some cybersecurity knowledge, training, or awareness, reach out to the folks here at GuardSight. It is part of our mission to help those in need to protect their data, their assets, and their endpoints. We are passionate about that and we’ll help in any way we can.
I was blessed to be able to provide some education and awareness of different cyber threats out here like social engineering, ransomware, and others. The group was extremely receptive to the discussion. Let’s keep those discussions going!
We here at GuardSight thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what GuardSight can do for you, head on over to www.guardsight.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!